Do all endpoints require authentication?

All IPGeolocation.io API endpoints except require authentication using an API key or Request Origin (CORS).

How do I pass the API key?

Pass as a query parameter in your API requests.

API Authentication

All IPGeolocation.io API endpoints except /v3/getip require authentication. You can authenticate requests using an API key or Request Origin (CORS). The Get IP endpoint does not require authentication.

Your plan determines what you can access (credits and features), but this page focuses on authentication methods and request credentials.

At a Glance

Recommended for backend/server-side requests: API key using apiKey query parameter.
For browser-based requests on paid plans: Request Origin (CORS).
No-auth utility endpoint: /v3/getip .

Authentication Methods

IPGeolocation.io supports two authentication methods:

1. API Key (Recommended)

You can make authenticated API requests by passing your API key as a query parameter.

How to Use:

Log in to your Billing dashboard.
Copy your API key from the API Keys section.
Pass apiKey as a query parameter in your requests.
Do not place API keys in client-side JavaScript. For server-side usage, store your API key in environment variables.

Example request with apiKey :

curl -X GET 'https://api.ipgeolocation.io/v3/ipgeo?apiKey=API_KEY&ip=8.8.8.8'

Important

Do not expose apiKey in frontend code. Prefer a backend proxy in production. If you must call from the browser, use Request Origin (CORS).

I. Database Subscribers (Downloads)

If you are a database subscriber, you also need a valid IPGeolocation.io API key to download and use database archives.

See Databases Documentationfor database plans and file details.

2. Request Origin (CORS) (Paid Plans Only)

Request Origin lets you call APIs from client-side JavaScript without exposing your API key in frontend code. This is available on all paid plans.

How to Configure:

Log in to your Billing dashboard.
In the API Keys section, click Add more to add a new API key or request origin.
A form opens with two options: API Key and Request Origin .
Choose Request Origins and enter the domain where requests will be made.
After saving, requests from the main domain and subdomains work without passing apiKey .

Note

If your website is https://example.com , enter example.com as the request origin.

API Key and Request Origin Limits (By Plan)

The number of extra API keys and request origins is limited based on your plan.

Plan	No. of Extra API Keys + Request Origins
Starter150K requests	1
Core250K requests	1
Plus500K requests	2
Pro1M requests	2
Business2M requests	3
Premium5M requests	3

Important

You can add more than your plan limit at $2.5 per month per API key or Request Origin.

Related Docs

API Response Formats (JSON and XML): Request JSON or XML using output or the Accept header.
Get IP (no auth): utility endpoint details.
Databases Documentation: download and use IPGeolocation databases.

Frequently Asked Questions

All IPGeolocation.io API endpoints except /v3/getip require authentication using an API key or Request Origin (CORS).

Yes. Use Request Origin (CORS) on paid plans to call APIs from client-side JavaScript without exposing your API key.

Pass apiKey as a query parameter in your API requests.

Yes. Database subscribers need a valid IPGeolocation.io API key to download and use database files.